f26217509b502c0d726d54440cd83aadde9481f367410eaa49ceafefae95b6bc | Triage

Sharing

General

Target

f26217509b502c0d726d54440cd83aadde9481f367410eaa49ceafefae95b6bc
Size

144KB
Sample

221003-kdwykafbb3
MD5

6ce7ec00f1d0674f6107f4d281f13cd9
SHA1

5af8a4961b8d398c1038d1caa4ea9430465ab07b
SHA256

f26217509b502c0d726d54440cd83aadde9481f367410eaa49ceafefae95b6bc
SHA512

9954fcc9b8c3c0d5284284abe81e9310b16533a811ad04725bc1c57096eddb8252581a184a2ac9e117d0eff0b6637c9eac4084f08d494b39d7a28b425ef25214
SSDEEP

768:j/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLdB:jRsvcdcQjosnvnZ6LQ1Ef

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  f26217509b502c0d726d54440cd83aadde9481f367410eaa49ceafefae95b6bc
- Size
  
  144KB
- MD5
  
  6ce7ec00f1d0674f6107f4d281f13cd9
- SHA1
  
  5af8a4961b8d398c1038d1caa4ea9430465ab07b
- SHA256
  
  f26217509b502c0d726d54440cd83aadde9481f367410eaa49ceafefae95b6bc
- SHA512
  
  9954fcc9b8c3c0d5284284abe81e9310b16533a811ad04725bc1c57096eddb8252581a184a2ac9e117d0eff0b6637c9eac4084f08d494b39d7a28b425ef25214
- SSDEEP
  
  768:j/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLdB:jRsvcdcQjosnvnZ6LQ1Ef
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2